[e2e] DDoS attack vs. Spoofing of Source Address

Joe Touch touch at ISI.EDU
Wed Jan 18 16:50:53 PST 2006



rishi jethwa wrote:
> Hi John,
> 
> The majority of DoS attacks that happen these days fit into the packet
> flooding category. Today we do not have attacks that use some drawback
> in the protocol, like ping of death.

See http://www.isi.edu/touch/pubs/draft-ietf-tcpm-tcp-antispoof-02.txt

It's not quite a ping of death, but it's not quite flooding either.
I.e., the attack depends on covering a number space, not on the sheer
volume of traffic emitted.

> If I properly secure my network, it's very difficult for someone with
> just one system to have a DoS attack on me, no matter what combination
> of attack type he uses.

One system can knock out your system if you run IPsec, especially if
on-path - by generating spoofed traffic with the right SPI with the
wrong key. The result sends your CPU into overload verifying that the
packets are badly encrypted. (This presumes you're using software for
encryption.)

Similar attacks should work for HTTPS and SSL (though someone else can
help verify this) by attempting connections with bad signature
exchanges.

Joe
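
Added example, not part of the original message: a receiver-side model of the IPsec case above, showing which drops are cheap and which force an integrity check, with a per-SPI failure counter for detection. The packet layout, the `Receiver` class, the highest-sequence-only replay check, the keys and the threshold are simplifying assumptions, not any real IPsec stack's code.

```python
import hmac, hashlib, struct
from collections import Counter

ICV_LEN = 12         # truncated HMAC-SHA-256 tag length (assumed for this sketch)
FAIL_THRESHOLD = 3   # hypothetical per-SPI alert threshold

def make_packet(spi, seq, payload, key):
    """Build a simplified ESP-like packet: SPI | seq | payload | ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    """Processes packets in the order: SA lookup, sequence check, ICV check."""
    def __init__(self, sas):
        self.sas = sas                               # spi -> integrity key
        self.highest_seq = {spi: 0 for spi in sas}   # simplified anti-replay state
        self.stats, self.icv_failures = Counter(), Counter()

    def receive(self, pkt):
        if len(pkt) < 8 + ICV_LEN:
            return "drop:short"
        spi, seq = struct.unpack("!II", pkt[:8])
        key = self.sas.get(spi)
        if key is None:                        # cheap: one table lookup
            self.stats["no_sa"] += 1
            return "drop:no_sa"
        if seq <= self.highest_seq[spi]:       # cheap: one integer comparison
            self.stats["replay"] += 1
            return "drop:replay"
        self.stats["icv_checks"] += 1          # expensive: MAC over the whole packet
        expected = hmac.new(key, pkt[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(pkt[-ICV_LEN:], expected):
            self.icv_failures[spi] += 1        # the event worth counting and alerting on
            return "drop:bad_icv"
        self.highest_seq[spi] = seq            # advance only after authentication
        return "accept"

    def alerts(self):
        return sorted(s for s, n in self.icv_failures.items() if n >= FAIL_THRESHOLD)

def demo():
    good_key, wrong_key = b"k" * 32, b"x" * 32       # constructed keys
    rx = Receiver({0x1001: good_key})
    results = [rx.receive(make_packet(0x1001, 1, b"hello", good_key))]
    for seq in range(2, 6):                          # constructed: known SPI, wrong key
        results.append(rx.receive(make_packet(0x1001, seq, b"junk", wrong_key)))
    results.append(rx.receive(make_packet(0x2002, 1, b"junk", wrong_key)))  # unknown SPI
    results.append(rx.receive(make_packet(0x1001, 1, b"old", wrong_key)))   # stale sequence
    return results, rx
```

Only packets that carry a known SPI and a fresh sequence number reach the MAC computation, so `icv_failures` per SPI is the counter to alert or rate-limit on.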
